"What's your solution?"

[my bad... as Douglas points out in the content... this isn't the password, just a flag]

I don't think I've ever seen such a brilliant error message, as one I just found at solucija.com

It not only includes the connection details.... but the PASSWORD TOO!!!

I love the site's slogan:

uh, my solution involves *not* telling everyone my password.

[screenshot displaying password and username (although i've pinked them out here... i was feelin real generous)]

This is a bit like a situation mike pope wrote about back in August.

Anyway, this all started because i was reading that OWSD (popular home of free website templates) is down, and has been for a while now.

A Mirror of the content is now up, and some designers giving out free templates are listed by Andreas Viklund, and some of Andreas's designs are also available. There's a File repository available too, if you're interested.





'Douglas Stockwell' on Fri, 11 Nov 2005 03:27:45 GMT, sez:

Err, that's not the password - it just means they are USING a password :)



'secretGeek' on Fri, 11 Nov 2005 05:04:20 GMT, sez:

Ahh! That's better!
thanks Douglas



'secretGeek' on Fri, 11 Nov 2005 05:09:23 GMT, sez:

now i don't know if i should pull this entry or not: i don't want to just cover up my own mistake -- but i don't want this entry to sit here besmirching the innocent...



'David Stone' on Fri, 11 Nov 2005 07:37:17 GMT, sez:

That's true. However, assuming that you had your connection string right and the error was just that the DB was down, then you could reasonably guess that once the DB is back up, you can use that password to gain access.

Or, if it is off, then it's probably a one-off spelling error or something of the sort. So it wouldn't be too hard to generate a dictionary with a few hundred variations of the password to attempt the correct one.



'lb' on Fri, 11 Nov 2005 10:09:25 GMT, sez:

David -- Glad to see you're blogging again!

Hope you got a lot of work done during your hiatus.

I think, from what Douglas says, that the "Password=Yes" might simply mean something akin to:
"Uses a Password? = True"

in other words, it's not giving away anything other than that there is a password in use.

You'd have to clarify with a bona fide php expert... and i'm not one of those (i hear they smell rather funny)

cheers, hope things are swell



